Overview

overview

10

Static

static

LOWE COPY.exe

windows7_x64

10

LOWE COPY.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LOWE COPY.exe

  • Size

    952KB

  • Sample

    210115-dhe6y3b7ms

  • MD5

    22f9f9ee353bd2cb4fa8402de52626c2

  • SHA1

    8ce8dc75f001d54a622844034d4159268c4bf994

  • SHA256

    034a88044cda55e5e899dda57067450bb725109dcfc9147d6ae41d7b08584734

  • SHA512

    5b29c736ed127800283526cb0538059da973d930d174bd344b0cd5a80e68cbbc586252a88f3e52e115eb9ad757dc734b6c068734e68b024d1487541e60e1e27c

Score
10/10
formbookxloaderloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

C2

http://www.a-emeservice.com/m8ec/

Decoy

thomascraigwealth.com

melbournemedicalhealth.net

tdxcoin.com

lukassbprojects.net

aldemallc.com

moqawalat-kuwait.com

txcsco.com

jobcarepro.com

sedotwcmedanmurah.com

niconthenine.com

radliffrehab.com

infiniteechogroup.com

stellantis-luxury-rent.com

ibusehat.info

resellerauctions.com

softwarexprogrammers.com

bumpnlifestyle.com

mintmacher.com

partapprintercare.com

justrightinsurance.com

Targets

    • Target

      LOWE COPY.exe

    • Size

      952KB

    • MD5

      22f9f9ee353bd2cb4fa8402de52626c2

    • SHA1

      8ce8dc75f001d54a622844034d4159268c4bf994

    • SHA256

      034a88044cda55e5e899dda57067450bb725109dcfc9147d6ae41d7b08584734

    • SHA512

      5b29c736ed127800283526cb0538059da973d930d174bd344b0cd5a80e68cbbc586252a88f3e52e115eb9ad757dc734b6c068734e68b024d1487541e60e1e27c

    Score
    10/10
    formbookxloaderloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Xloader Payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks